syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: Automating Syncope's dependency updates
Date Tue, 17 Dec 2019 13:00:37 GMT
FYI: https://issues.apache.org/jira/browse/INFRA-19586

Regards.

On 17/12/19 05:38, Misagh Moayyed wrote:
> Sure, will do. Thanks everyone. 
>
> --Misagh
>
> ----- Original Message -----
>> From: "Francesco Chicchiriccò" <ilgrosso@apache.org>
>> To: "dev" <dev@syncope.apache.org>
>> Sent: Monday, December 16, 2019 12:22:45 PM
>> Subject: Re: Automating Syncope's dependency updates
>> Hi Misagh,
>> it seems we have some consensus here, please go ahead and open an issue on
>>
>> https://issues.apache.org/jira/browse/INFRA
>>
>> about this topic, thanks.
>>
>> Regards.
>>
>> On 11/12/19 15:13, Francesco Chicchiriccò wrote:
>>> Hi Misagh,
>>> renovatebot looks interesting and worth at least to explore the possibility to
>>> add it at project's (rather than committer's level).
>>>
>>> +1 to go ahead and ask Infra team about it.
>>> Regards.
>>>
>>> On 11/12/19 15:00, Misagh Moayyed wrote:
>>>> Hey Team,
>>>>
>>>> I suspect most know about this sort of thing, but I thought to share this
with
>>>> you:
>>>> https://github.com/renovatebot/renovate
>>>>
>>>> I think this is a useful tool to allow a Github project such as Syncope to
>>>> automatically receive dependency updates and become self sufficient. It will
>>>> attempt to parse the project's dependencies/pom and will then begin to issue
>>>> pull requests with relevant updates. Its schedule, update policy and
>>>> inclusion/exclusion rules can all be controlled via a .renovate JSON file.
>>>>
>>>> It can run in two ways:
>>>>
>>>> 1- As a GitHub app, which would be installed for the Apache org on Github
and
>>>> enabled for select repositories, such as Syncope. This option requires
>>>> coordination/permission from Apache infra, and updates are then automatic.
>>>>
>>>> 2- As a CLI tool, where a committer's personal access token is passed as
a
>>>> command-line argument, and the tool can run as part of CI. This option probably
>>>> does not require anything from Apache infra [?], and updates can be cancelled
>>>> as part of the CI job that runs the tool.
>>>>
>>>> I am not sure what the CLA policy would be for bots; the second option probably
>>>> [?] covers this, as PRs are issued on behalf of the committer whose AT is
used.
>>>> Either way, it seems like we need clarification from Apache infra.
>>>>
>>>> This is an example of a pull request by the bot:
>>>> https://github.com/Jasig/uPortal/pull/1849
>>>>
>>>> This is an example of the bot's JSON configuration file:
>>>> https://github.com/Jasig/uPortal/blob/master/renovate.json
>>>>
>>>> How do you feel about this? Is this a good option to pursue and follow up?
>>>>
>>>> The bot also has the ability to rebase PRs, and can also take over the merging
>>>> process automatically if CI passes or other rules allow. (At some point in
the
>>>> future, I think it will also gain the ability to travel back in time and
kill
>>>> Sarah Connor [1], but that has yet to be fully verified.)
>>>>
>>>> --Misagh
>>>>
>>>> [1] https://www.wikiwand.com/en/Sarah_Connor_(Terminator)
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/


-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Mime
View raw message